open-menu
closeme
WinDivert Driver Load
calendar
Nov 25, 2024
·
attack.collection
attack.defense-evasion
attack.t1599.001
attack.t1557.001
·
Share on:
twitter
facebook
linkedin
copy
Compressed File Creation Via Tar.EXE
calendar
Nov 1, 2024
·
attack.collection
attack.exfiltration
attack.t1560
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Compressed File Extraction Via Tar.EXE
calendar
Nov 1, 2024
·
attack.collection
attack.exfiltration
attack.t1560
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
7Zip Compressing Dump Files
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
ADFS Database Named Pipe Connection By Uncommon Tool
calendar
Aug 12, 2024
·
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Audio Capture
calendar
Aug 12, 2024
·
attack.collection
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
Audio Capture via PowerShell
calendar
Aug 12, 2024
·
attack.collection
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
Audio Capture via SoundRecorder
calendar
Aug 12, 2024
·
attack.collection
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
Automated Collection Command PowerShell
calendar
Aug 12, 2024
·
attack.collection
attack.t1119
·
Share on:
twitter
facebook
linkedin
copy
Automated Collection Command Prompt
calendar
Aug 12, 2024
·
attack.collection
attack.t1119
attack.credential-access
attack.t1552.001
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 VM Export Failure
calendar
Aug 12, 2024
·
attack.collection
attack.t1005
attack.exfiltration
attack.t1537
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Full Data Export Triggered
calendar
Aug 12, 2024
·
attack.collection
attack.t1213.003
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Unauthorized Full Data Export Triggered
calendar
Aug 12, 2024
·
attack.collection
attack.resource-development
attack.t1213.003
attack.t1586
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket User Details Export Attempt Detected
calendar
Aug 12, 2024
·
attack.collection
attack.reconnaissance
attack.discovery
attack.t1213
attack.t1082
attack.t1591.004
·
Share on:
twitter
facebook
linkedin
copy
Cisco BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco Collect Data
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.collection
attack.t1087.001
attack.t1552.001
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Cisco LDP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco Stage Data
calendar
Aug 12, 2024
·
attack.collection
attack.lateral-movement
attack.command-and-control
attack.exfiltration
attack.t1074
attack.t1105
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Clipboard Collection of Image Data with Xclip Tool
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
Clipboard Collection with Xclip Tool
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
Clipboard Collection with Xclip Tool - Auditd
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
Clipboard Data Collection Via OSAScript
calendar
Aug 12, 2024
·
attack.collection
attack.execution
attack.t1115
attack.t1059.002
·
Share on:
twitter
facebook
linkedin
copy
Compress Data and Lock With Password for Exfiltration With 7-ZIP
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Compress Data and Lock With Password for Exfiltration With WINZIP
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Conti NTDS Exfiltration Command
calendar
Aug 12, 2024
·
attack.collection
attack.t1560
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Copy From Or To Admin Share Or Sysvol Folder
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.collection
attack.exfiltration
attack.t1039
attack.t1048
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
CredUI.DLL Loaded By Uncommon Process
calendar
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1056.002
·
Share on:
twitter
facebook
linkedin
copy
Data Copied To Clipboard Via Clip.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
DNS Query Request To OneLaunch Update Service
calendar
Aug 12, 2024
·
attack.collection
attack.t1056
·
Share on:
twitter
facebook
linkedin
copy
Esentutl Steals Browser Information
calendar
Aug 12, 2024
·
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Exchange PowerShell Snap-Ins Usage
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.collection
attack.t1114
·
Share on:
twitter
facebook
linkedin
copy
Files Added To An Archive Using Rar.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Share on:
twitter
facebook
linkedin
copy
Github Delete Action Invoked
calendar
Aug 12, 2024
·
attack.impact
attack.collection
attack.t1213.003
·
Share on:
twitter
facebook
linkedin
copy
Github Outside Collaborator Detected
calendar
Aug 12, 2024
·
attack.persistence
attack.collection
attack.t1098.001
attack.t1098.003
attack.t1213.003
·
Share on:
twitter
facebook
linkedin
copy
Github Self Hosted Runner Changes Detected
calendar
Aug 12, 2024
·
attack.impact
attack.discovery
attack.collection
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Google Full Network Traffic Packet Capture
calendar
Aug 12, 2024
·
attack.collection
attack.t1074
·
Share on:
twitter
facebook
linkedin
copy
Huawei BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Juniper BGP Missing MD5
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Linux Capabilities Discovery
calendar
Aug 12, 2024
·
attack.collection
attack.privilege-escalation
attack.t1123
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - GIT Clone Request
calendar
Aug 12, 2024
·
attack.collection
attack.t1213
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - MSSQL Login Attempt Via SQLAuth
calendar
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1003
attack.t1213
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - MSSQL Login Attempt Via Windows Authentication
calendar
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1003
attack.t1213
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - MySQL Login Attempt
calendar
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1003
attack.t1213
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - REDIS Action Command Attempt
calendar
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1003
attack.t1213
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - SIP Request
calendar
Aug 12, 2024
·
attack.collection
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - SMB File Open Request
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.collection
attack.t1021
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Periodic Backup For System Registry Hives Enabled
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
Potential Conti Ransomware Database Dumping Activity Via SQLCmd
calendar
Aug 12, 2024
·
attack.collection
attack.t1005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Keylogger Activity
calendar
Aug 12, 2024
·
attack.collection
attack.credential-access
attack.t1056.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Get Clipboard
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Get-Clipboard Cmdlet Via CLI
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
Powershell Keylogging
calendar
Aug 12, 2024
·
attack.collection
attack.t1056.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Local Email Collection
calendar
Aug 12, 2024
·
attack.collection
attack.t1114.001
·
Share on:
twitter
facebook
linkedin
copy
Processes Accessing the Microphone and Webcam
calendar
Aug 12, 2024
·
attack.collection
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
PST Export Alert Using eDiscovery Alert
calendar
Aug 12, 2024
·
attack.collection
attack.t1114
·
Share on:
twitter
facebook
linkedin
copy
PST Export Alert Using New-ComplianceSearchAction
calendar
Aug 12, 2024
·
attack.collection
attack.t1114
·
Share on:
twitter
facebook
linkedin
copy
PUA - Mouse Lock Execution
calendar
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1056.002
·
Share on:
twitter
facebook
linkedin
copy
Rar Usage with Password and Compression Level
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Recon Information for Export with Command Prompt
calendar
Aug 12, 2024
·
attack.collection
attack.t1119
·
Share on:
twitter
facebook
linkedin
copy
Recon Information for Export with PowerShell
calendar
Aug 12, 2024
·
attack.collection
attack.t1119
·
Share on:
twitter
facebook
linkedin
copy
Renamed Remote Utilities RAT (RURAT) Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.collection
attack.command-and-control
attack.discovery
attack.s0592
·
Share on:
twitter
facebook
linkedin
copy
Screen Capture - macOS
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
Screen Capture Activity Via Psr.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
Screen Capture with Import Tool
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
Screen Capture with Xwd
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
SQLite Chromium Profile Data DB Access
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1539
attack.t1555.003
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
SQLite Firefox Profile Data DB Access
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1539
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Access to Sensitive File Extensions
calendar
Aug 12, 2024
·
attack.collection
attack.t1039
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Access to Sensitive File Extensions - Zeek
calendar
Aug 12, 2024
·
attack.collection
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Camera and Microphone Access
calendar
Aug 12, 2024
·
attack.collection
attack.t1125
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Manipulation Of Default Accounts Via Net.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Veeam Backup Database Suspicious Query
calendar
Aug 12, 2024
·
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
VeeamBackup Database Credentials Dump Via Sqlcmd.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Windows Recall Feature Enabled - DisableAIDataAnalysis Value Deleted
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
Windows Recall Feature Enabled - Registry
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
Windows Recall Feature Enabled Via Reg.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
Windows Screen Capture with CopyFromScreen
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Share on:
twitter
facebook
linkedin
copy
Winrar Compressing Dump Files
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Winrar Execution in Non-Standard Folder
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Zip A Folder With PowerShell For Staging In Temp - PowerShell Module
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Share on:
twitter
facebook
linkedin
copy
Zip A Folder With PowerShell For Staging In Temp - PowerShell
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Share on:
twitter
facebook
linkedin
copy
Zip A Folder With PowerShell For Staging In Temp - PowerShell Script
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Share on:
twitter
facebook
linkedin
copy
Email Forwarding Rule - Suspicious Folders
calendar
Mar 26, 2024
·
attack.collection
attack.t1114
attack.t1114.003
·
Share on:
twitter
facebook
linkedin
copy
Email Forwarding Rule - Suspicious Forwarding Criteria
calendar
Mar 26, 2024
·
attack.collection
attack.t1114
attack.t1114.003
·
Share on:
twitter
facebook
linkedin
copy
Email Forwarding Rule - Suspicious Rule Names
calendar
Mar 26, 2024
·
attack.collection
attack.t1114
attack.t1114.003
·
Share on:
twitter
facebook
linkedin
copy
to-top